Clearing out the mist between SAP UI Masking, HANA Dynamic Data Masking (DDM) and SAP Test Data Migration Server (TDMS)
In the era of digital transformation, extensive use of data analytics and on the other hand regulations like GDPR, HIPAA etc., technologies for Data Masking and Data Scrambling play a very vital role to meet both business as well as compliance demands.
In this blog post, I will try to clear the mist between SAP UI Masking, HANA Dynamic Data Masking (DDM) and SAP Test Data Migration Server (TDMS).
Before we jump into the topic, let us differentiate between data masking and scrambling.
Data masking (or data obfuscation) is the process of hiding original data with random characters or data, on the other hand, Data scrambling can be interpreted as a sort of irreversible process, which converts an original sensitive value(s) into a newly defined random value(s).
SAP UI Masking, HANA DDM and SAP TDMS are complementary. Diagrams and table below explains the same in detail:
|SAP UI Masking||HANA DDM||SAP TDMS|
|Brief Description||It just changes the data in the UI layer and does not change the data at the database layer. As underlying data remains unchanged, the application can still perform calculations on the masked data. It provides additional layer of access control which can be used especially to protect sensitive data.||It changes how data appears in views/tables and does not modify the underlying data. As underlying data remains unchanged, the database can still perform calculations on the masked data. It does not protect the data in a linked transactional system (ERP, S/4 HANA); here data will be handed over to business users in clear form unless UI masking is used.||It copies the data from productive to non-productive environment and while doing so scrambles and this irretrievably anonymizes/pseudonymiz-es the data|
|Compatibility||SAP GUI, SAP Fiori, SAP Webdynpro ABAP (SAP ECC, SAP CRM, SAP S/4 HANA)||HANA Studio, HANA Web IDE and reporting applications like Lumira, BO; which are directly fetching data from HANA DB layer||SAP ECC (not yet compatible with S/4 HANA)|
|License||Additional license cost||Native out of the box from HANA 2.0 and above||Additional license cost|
|Use case||Mainly useful in production system. It can be used in non-production system in conjunction with TDMS for testing purposes. Users with developer access can still view the masked data||Mainly useful in production system. Appropriate change management controls are required because HANA Modelers having access to view maintenance in development system can transport the unmasking settings.||In non-production systems|
In conclusion, depending on the use cases and appetite for maturity in data security, SAP UI Masking, HANA DDM and SAP TDMS are beneficial.
Thanks for reading the blog. Kindly leave any questions or comments below.